documentation-lookup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes data from an external source (documentation libraries) which could contain instructions designed to influence the agent's response.
- Ingestion points: Data enters the agent context through the
query-docstool response as described inSKILL.md. - Boundary markers: Absent. There are no instructions to the agent to treat the documentation as untrusted data or to use specific delimiters.
- Capability inventory: The agent uses the content to answer user questions and generate code blocks.
- Sanitization: Absent. The instructions do not specify any validation or filtering of the fetched content before incorporation into the response.
- [External Downloads] (SAFE): The skill is configured to communicate with
https://mcp.context7.com/mcp/oauth. While this is not a whitelisted domain, it is the primary functional endpoint for the documentation service and shows no signs of malicious exfiltration or unauthorized access.
Audit Metadata